We have a pair of Fortigate-800 (running FortiOS 2.80 MR11) in an L2 active-standby cluster. The configuration is as follows:
external -- connect to campus backbone.
internal, dmz, ha -- connect to 3 internal zones for protection.
port1, port2 -- HA with the backup/active Fortigate.
port3, port4 -- unused.
The cluster has run smoothly without problems for 1 year.
However, the active Fortigate stopped forwarding ARP packets from its internal/dmz/ha to external interface yesterday morning. The ARP forwarding in the reverse direction (i.e. from external to internal/dmz/ha) seemed to be normal.
We tried unplugging the network cable at the active Fortigate so that the traffic would fail over to the standby Fortigate. The ARP forwarding problem ceased afterwards.
Has anyone had the same problem before?
Thanks a lot.
I didn't type the diag command.
However, it didn't seem to be a NIC issue to me, as the ARP forwarding problem did not happen again even after I switched back to using the primary Fortigate.